McAfee – Release TIE 2.3.1
by Secutec
Tech update
Resolved issues in this release: deletion of MAR custom collector, TIE Server Topology Management page reports, update of the OpenSSL, update of the OpenSSH, update of the Linux kernel parameters and rotation of the Tieserver-start.log. This release was deceloped for use with: McAfee ePO 5.3.x on-premise or later, McAfee DXL 2.0.0 or later, McAfee TIE server 2.0.x or later and McAfee Active response 2.4.0.
Resolved issues:
- Tieserver-start.log didn’t rotate according to /etc/logrotate.d/tieserver.conf causing the logs to exhaust root partition capacity. Upgrading TIE server to 2.3.1 version ȴ[es the logrotate conȴguration (1262122).
- Deletion of MAR custom collector fails ‘Cannot delete the requested Collectors’ when MAR server is active in a TIE server secondary or reporting secondary appliance. Upgrading TIE server to 2.3.1 version grants delete permissions in the MAR tables for the tiewriter database user.
- TIE Server Topology Management page reports a Database and Storage health check error when the query that checks the size of the biggest table is executed while the table is vacuumed. Upgrading TIE server to 2.3.1 version changes the query used to perform the check and makes sure that data-health.sh script returns a consistent value.
- Updated of the OpenSSL to 1.0.2q which mitigates local timing side channel and DoS attacks (CVE-2018-5407, CVE-2018-0734, and CVE-2018-0732).
- Update of th OpenSSH to 7.4p1-17 which solves user enumeration/oracle attacks and included a conȴguration change to disable GSSAPI Authentication (CVE-2018-15473, and CVE-2018-15919).
Update of Linux kernel parameters to mitigate a remote DoS attack known as FragmentSmack (CVE-2018-5391).